Issuing a Certificate in Active Directory CA

This article explains how a certificate to use by ClearBox may be issued. The requirement is that there's a certificate authority installed.

Run certreq.exe from the command line:

Specify the location of a certificate request file (read about creating it here) and click OK. Select an appropriate CA from the list and click OK. New request is sent.

Now run Certification Authority snap-in from Administrative Tools folder. Select 'Pending Requests' item:

You will find new pending request here in the list. Before issuing it, the necessary 'Enhanced Key Usage' extension should be added to make this certificate suitable for wireless authentication. Create a new text file (let's name it eku.txt) with this single text line:

30 0a 06 08 2b 06 01 05 05 07 03 01

It means 'Server authentication' expressed in hexadecimal form. Now run this from the command line:

certutil -setextension [request id here] 2.5.29.37 0 @eku.txt

Instead of [request id here] you should place the real request id (on the screenshot above, it is 14. In your system you'll get different values).

Now you may right-click the request, select All tasks, View attributes/Extensions... You request should have this extension now:

Right-click the request and select All tasks, Issue. If everything was done well, you'll find this request among Issued Certificates. Now double-click it, select Details tab and click Copy to File...:

Export Wizard is launched. Click Next and select Base-64 encoded X.509:

Click Next, specify the exported certificate file name and click Finish.

Now you may install the RADIUS server certificate as described here.